new argus-clients-3.0.7.14 on the server

David Edelman dedelman at iname.com
Tue Aug 20 18:15:13 EDT 2013


Carter,

I'm having the exact same problem as before. 

I did a clean install after changing the string in VERSION so that I knew
that I was using new code. I applied the argus_label.c change which didn't
make any difference. I created .debug and .devel; make clobber, ./config;
make; make install and ran under gdb and it is the same picture.

The instances of rasqlinsert taking data from radium are as happy as clams. 

What additional material can I collect for you?

--Dave

-----Original Message-----
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of Carter Bullard
Sent: Tuesday, August 20, 2013 10:59 AM
To: Argus
Subject: [ARGUS] new argus-clients-3.0.7.14 on the server

Gentle people,
New client code up on the server.  This release fixes all
known bugs that have been reported on the list, as well as
having major modifications to rapath().

New code has been added as guards around the reported
label problems, but I am not sure that it has fixed
the problem.  If we could test that, that would be great !!!

We've made some big changes to rapath().  rapath() extracts
topology information from argus data.  Basically it takes all
data that has ICMP TXD messages mapped to it, and tabulates path
information where it can.  This has the effect of capturing all
traceroutes() that are observed by argus, regardless of the
technique: UDP, TCP or ICMP based, whether it's vanilla or paris method,
or several of the proprietary strategies seen in intrusions.

We've changed the default output of the graph that rapath.1
generates (using the -A option) to include the srcid, saddr
and daddr, so that you can build topology from just the
graphs.  I'll add the stime and duration as well, but need
to figure out some command line options to control all these
new fields.  Also rapath() is going to get a realtime mode;
currently, it's a "read a file, generate some output" type of
tool.

Please grab this code and give it a run.  I'm hoping to
release 3.0.7.x as 3.0.8 in the next month, so if there are
any gotchas, don't hold back.

Carter
